Thinking of switching to NixOS, but I'm not sure about a few things - eviltoast

Hi, everybody!

I’ve been toying with the idea of switching to NixOS for some time. I’m currently on Arch (6 months), and while I like the idea of a minimal, only-what-I-want-installed, hackable system with the newest packages, I think having a system that always works, even if an update goes south, is more important to me.

Now, I’m still not sure if I should switch. There are some issues I’m worried about, maybe unnecessarily.

For one, what are the trade-offs of switching from Arch? Anything I have to watch out for? I’ve heard there are some issues with regard to the FHS and gaming, or just FHS in general, or just gaming in general. Secondly, the dotfiles. I hear there is the Home Manager for that, but it doesn’t have support for everything, so some files would need to be managed in other ways. Is there a way to manage everything at the same time? Even better if everything is in configuration.nix. I thought of using env.etc.xxx.source and .text to link the dotfiles to the etc folder and change the contents, but it feels… cheap and unsafe to do that. Third, are flakes really that important? I hear about them everywhere, I haven’t researched them yet, but I’m curious what the fuss is about.

Let me know if there is anything else I should consider. I mainly game, watch videos and sometimes play with the system if needed. I’m not sure if I really want to switch, or is it just “oooo, new shiny and cool” thing lol

Thanks :)

  • unhinge@programming.dev
    7 months ago

    Secondly, the dotfiles. I hear there is the Home Manager for that, but it doesn’t have support for everything

    In this case, you can use the home.file option of home-manager, similar to environment.etc in the NixOS configuration.

    For example, let’s configure dunst with home-manager [1]:

    In case home-manager doesn't support it:
    # installing the package
    home.packages = [ pkgs.dunst ];
    
    # configure dunst
    
    ## writing new config
    home.file.".config/dunst/dunstrc" = {
        text = ''
            [urgency_critical]
                timeout = 15
        '';
    };
    
    ## using existing config (alternative to writing `text` above; use one or the other)
    home.file.".config/dunst/dunstrc".source = "/path/to/existing/dunst/config";
    
    If home-manager supports it:
    services.dunst = {
        enable = true;
        # using existing config (alternative to `settings` below)
        configFile = "/path/to/existing/dunst/config";
    
        # new config generated from Nix
        settings = {
            urgency_critical = {
                timeout = 15;
            };
        };
    };
    

    Is there a way to manage everything at the same time?

    Yes, create a git repo and keep your configuration there. Don’t keep secrets unencrypted in there, as those will end up in the world-readable /nix/store. Any user, whether system or human, can access those. You can use any of the schemes for managing secrets listed on the wiki [2].

    Even better if everything is in configuration.nix

    You can do everything in a single file, but I wouldn’t recommend it, as the configuration may grow quickly and be difficult to manage later. Instead, you may split configuration.nix into multiple files and import those in configuration.nix.

    Flakes simply help to manage the inputs easily (e.g. nixpkgs, home-manager), i.e., which version of each input your config uses. Traditionally, inputs are managed imperatively by nix-channel. It generates flake.lock to store the hash of the inputs, which won’t be updated unless you update it. If you copy the config between different machines (or reinstall), you’ll get the exact same version of packages. It also helps avoid adding nix-channel, which you have to add manually during a reinstall, and you may not get the same version of packages. So, it’s not important, as you can do all things with/without it.

    I found this guide [3] quite helpful to start with flakes. You may use one of Misterio77’s starter configs [4]. Also, a big surprise with flakes is that if you don’t use git, then all your files from the config dir will end up in /nix/store (world-readable [5]) [6] [7]. So, you should use git with flakes; that way only committed files will end up in /nix/store (world-readable).


    1. https://nix-community.github.io/home-manager/options.xhtml

    2. https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes

    3. https://nixos-and-flakes.thiscute.world/introduction

    4. https://github.com/Misterio77/nix-starter-configs

    5. By world-readable, I mean any service or program can access those files

    6. https://discourse.nixos.org/t/flakes-without-git-copies-entire-tree-to-nix-store/10743

    7. https://github.com/NixOS/nix/issues/5549
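
The warning about secrets in /nix/store, as an added example that is not part of the comment above: a configuration.nix fragment with an inline secret (commented out) beside a version that keeps only an encrypted file in the store, using agenix, one of the schemes on the wiki page in [2]. It assumes the agenix NixOS module is already imported and the `.age` files already exist; the user `alice` and the secret names are hypothetical.

```nix
# configuration.nix fragment (added example, not the commenter's code)
# Assumptions: the agenix NixOS module is imported elsewhere, and the files
# under ./secrets/ were encrypted with agenix beforehand.
# "alice", "alice-password" and "mail-token" are hypothetical names.
{ config, ... }:
{
  # WEAK (left commented out): the literal becomes part of the system
  # closure in /nix/store, so every user and service on the machine can
  # read it, and it also sits in plain text in the git repo.
  # users.users.alice.password = "CONSTRUCTED-EXAMPLE-PASSWORD";

  # HARDENED: only the age-encrypted file is copied into /nix/store.
  # agenix decrypts it at activation time to a path outside the store
  # (by default /run/agenix/<name>).
  age.secrets.alice-password.file = ./secrets/alice-password.age;

  users.users.alice = {
    isNormalUser = true;
    # The option receives a path string, not the secret itself, so the
    # store only ever contains "/run/agenix/alice-password".
    hashedPasswordFile = config.age.secrets.alice-password.path;
  };

  # A secret that a program running as alice reads at runtime.
  # Restrict the decrypted file to that one user.
  age.secrets.mail-token = {
    file = ./secrets/mail-token.age;
    owner = "alice";
    mode = "0400";
  };
}
```

A dotfile written through `home.file` can then reference the decrypted path (here `/run/agenix/mail-token`) instead of embedding the token, provided the program supports reading its secret from a file or command.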